CERT Advisory: Buffer Overflow in Multiple DNS Resolver Libraries

Tuesday Jul 2nd 2002 by Kevin Reichard

Share:

A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.

A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.

The Solaris DNS resolver library (libresolv.so) is affected by this issue in all currently supported versions of Solaris: Solaris 2.5.1, 2.6, 7, 8, and 9

Patches are being generated for all of the above releases. Sun will publish a Sun Security Bulletin and a Sun Alert for this issue. The Sun Alert and patches will be available from http://sunsolve.sun.com/securitypatch.